Millions of users rely on Dropbox and other similar file sharing and hosting services to store and share their files, however, research shows how to use cloud storage synchronisation services to get around firewalls.
Dropbox and other cloud storage services and applications including SkyDrive, Google Drive, Amazon Cloud Drive have increased in popularity recently as it is so easy for users to drag files to an icon that then places that data onto an external cloud server and shares it with others and then automatically synchronises that file to other connected devices.
However, due to this ease of use, cloud based applications can also be insecure and now it is being revealed that if a compromised computer has Dropbox functionality the syncing feature allows and malware present that may have been installed by an attacker to reach other machines and networks using the same service.
Once Dropbox or SkyDrive, Google Drive, Amazon Cloud Drive or any comparable cloud based software has been configured, anything placed within the synchronisation folder is automatically allowed through the firewall.
This research adds to a number of other recent security concerns over cloud storage applications including Dropbox, SkyDrive, Google Drive and Amazon Cloud Drive over storing data on remote servers.
The Vulnerability of Cloud Based Storage such as Dropbox
Whilst Dropbox, SkyDrive, Google Drive and Amazon Cloud Drive can be better and more convenient than storing all data locally, the transfer of data to an external source leaves it open to misuse and researchers find different methods in order to attack them and intercept information and data.
This vulnerability within Dropbox was identified by a computer security firm that was asked to investigation the security of a company computer network.
Spear Phishing Attack Allowed Access to the Victim Computer via Dropbox
They obtained a personal email address for a senior manager, carried out a “spear-phishing” attack when an email was sent to the address that was ‘clicked’ and contained malware and then the company was able to get access to his personal computer via Dropbox when he was away from his office and found confidential company documents within the Dropbox synchronisation folder.
This was not a flaw in Dropbox, which was performing as designed, by synchronising files and data from one computer to another connected to the same account, however, the function of Dropbox was then misused in order to load malware onto the company computer through that synchronisation process and allow access to that network via a DropSmack tool that they wrote that, when opened, allowed malicious commands to be sent inside the corporate network via those synchronised files and files to be stolen.
The same process was replicated using other similar cloud storage services such as SkyDrive, Google Drive, Amazon Cloud Drive.
22nd August 2013
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0330 123 4448 or via email on firstname.lastname@example.org, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.